“Sketch-Based Attack Detection on Programmable Networks”
Master’s thesis, Mestrado em Engenharia Informática e de Computadores, Instituto Superior Técnico, Nov. 2018
Abstract: The implementation of an intrusion detection system deals with two problems. First, the need to obtain up-to-date statistics encompassing various metrics of interest that can range from network traffic information (e.g., network load or latency) to security alerts. Second, the ability to extract relevant knowledge from the aforementioned data. The first problem is usually tackled through real-time network monitoring using low accuracy techniques such as packet sampling, requiring the placement of expensive hardware components in crucial network points in order to improve accuracy. In this thesis we plan to approach this challenge with programmable networking, a new approach to computer networks that separates the data plane from the control plane, enabling the centralization of network control and the execution of applications that direct the configuration of forwarding devices. This new paradigm includes the programmability of forwarding devices, such as switches, and enables the use of sketching algorithms directly in the data plane, that provide summary statistics about packet flows, allowing a more effective network monitoring. We tackle the second problem through unsupervised machine learning techniques that possess the ability to identify a specific behavior without any prior knowledge or training phase, serving as a powerful instrument to detect suspicious patterns. This work will, therefore, propose the design, implementation, and evaluation of a monitoring system using programmable switches that leverages machine learning algorithms to perform network attack detection.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)